How we keep your data safe and who has access We ensure that there are appropriate technical controls in place to protect your personal details. For example our online forms are always encrypted and our network is protected and routinely monitored. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors. We use external companies to collect or process personal data on our behalf, for example, when we send out a large mailing like our newsletter Reach or our Christmas appeal. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data we have shared. Some of our suppliers may run their operations outside the European Economic Area (EEA). After Brexit, the UK may be outside the EEA. Although companies may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to the transfer, storing or processing at a location outside the EEA. We may need to disclose your details if required to the police, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.